Application Security Testing
With over 20 years’ experience in web application development, system architecture and information security we have seen first-hand the increasing pace of change to the cyber security landscape. New vulnerabilities are constantly being identified as methods of attacks are improved.
The Application Security Testing service from Oxford Web Applications is based on the Open Web Application Security Project’s (OWASP) Application Security Verification Standard and has been designed to help our clients keep their Applications safe and secure.
If you haven’t recently had your web application tested vulnerabilities may exist which leave you open to attack which could result in legal, reputational, and financial damage to your business.
Manual Testing Approach
At Oxford Web Applications we choose to take a manual approach to security testing web applications. Following an initial review of your web application we can help to identify the most suitable level of security testing required, whether it’s OWASP Level 1, OWASP Level 2, or the OWASP Top 10 Most Critical Web Application Security Risks.
Testing against the OWASP Application Security Verification Standard will ensure known vulnerabilities are accounted for, including:
- SQL Injection
- Command Injection
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (CSRF)
- Local and Remote File Inclusion
- XML External Entity Processing (XXE)
In line with the OWASP Application Security Verification Standard we interpret the results of the testing in the context of the web application, therefore allowing us to make recommendations on a priority basis within the report.
Security Report and Ongoing Protection
Our Application Security Testing service will provide you with a comprehensive in-depth report outlining vulnerabilities that exist within your web application, how the exploits can be reproduced and an executive summary of our findings. The report will include our recommendations which our experts will go through with you and your team in person.
To keep pace with the latest security vulnerabilities we can provide our Application Security Testing service on a recurring basis to ensure new code is tested against the latest application security standards.
Time to get tested
As the pace of application development continues to increase it is vital that Application Security Testing is an integral part of the overall process.
New vulnerabilities are constantly being identified as methods of attacks are improved. Changes to applications themselves can also open up security holes which previously didn’t exist.
If you have a web application that you would like to be security tested, or would like to find out how this service can help you please contact us.